Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

subscribe security #487

Open
Phorum opened this Issue · 2 comments

1 participant

@Phorum

For later on, to check:

In phorum_user_subscribe (soon to be phorum_api_user_subscribe()), I found the following code:
{{{
function phorum_user_subscribe( $user_id, $forum_id, $thread, $type )
{
$list=phorum_user_access_list( PHORUM_USER_ALLOW_READ );
if(!in_array($forum_id, $list)) return;
return phorum_db_user_subscribe( $user_id, $forum_id, $thread, $type );
}
}}}

How does this work if a user with a subscription is revoked read permissions? Will he still get the messages for the subscription or is that stopped?

Reported by: mmakaay
Imported from TRAC: http://trac.phorum.org/ticket/586

@Phorum

he will still get messages.
its too expensive to check for read-permissions for all subscribed users.

By: ts77

@Phorum

By: anonymous

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.